
providing a user defined access control command attribute read list containing 
user identifications that are allowed to read a specified set of Lightweight Directory 
Access Protocol (LDAP) attributes; 

providing a system administrator defined read access control command; 

wherein said read access control command resides in a directory containing 
said LDAP attributes; 

said read access control command listing LDAP user attributes that said 
administrator has selected for user defined read access; and 

said read access control command referring to said user defined read list at 
runtime thereby allowing said read user identifications read access to said LDAP user 
attributes. 

5. A process for a simplified access control language that controls access to 
directory entries in a computer environment, comprising the steps of: 

providing a system administrator defined read access control command that 
lists Lightweight Directory Access Protocol (LDAP) user attributes that said 
administrator has selected for user defined read access; 

providing a system administrator defined write access control command that 
lists LDAP user attributes that said administrator has selected for user defined write 
access; 

providing a plurality of user defined access control command attribute read lists 
containing user identifications that are allowed to read said LDAP user attributes that 
said administrator has selected for user defined read access; and 

providing a plurality of user defined access control command attribute write lists 
containing user identifications that are allowed to write said LDAP user attributes that 
said administrator has selected for user defined write access; 

wherein said read access control command and said write access control 
command reside in a directory containing said LDAP user attributes; 

wherein when a client read access to one of the LDAP user attributes that said 
administrator has selected for user defined read access occurs, said read access 
control command and the read list of the owner of the attribute being accessed are 
used to determine if said client has permission to execute said read access; and 
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wherein when a client write access to one of the LDAP user attributes that said 
administrator has selected for user defined write access occurs, said write access 
control command and the write list of the owner of the attribute being accessed are 
used to determine if said client has permission to execute said write access. 

6. A process for a simplified access control language that controls access to 
directory entries in a computer environment, comprising the steps of: 

providing a user defined access control cpmmand attribute write list containing 
user identifications that are allowed to write a specified set of Lightweight Directory 
Access Protocol (LDAP) attributes; 

providing a system administrator defined write access control command; 

wherein said write access control command resides in a directory containing 
said LDAP attributes; 

said write access control command listing LDAP user attributes that said 
administrator has selected for user defined write access; and 

said write access control command referring to said user defined write list at 
runtime thereby allowing said write user identifications write access to said LDAP user 
attributes. 

10. An apparatus for a simplified access control language that controls access to 
directory entries in a computer environment, comprising: 

a user defined access control command attribute read list containing user 
identifications that are allowed to read a specified set of Lightweight Directory Access 
Protocol (LDAP) attributes; and 

a system administrator defined read access control command; 

wherein said read access control command resides in a directory containing 
said LDAP attributes; 

wherein said read access control command lists LDAP user attributes that said 
administrator has selected for user defined read access; and 

wherein said read access control command refers to said user defined read list 
at runtime thereby allowing said read user identifications read access to said LDAP 
user attributes. 
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14. An apparatus for a simplified access control language that controls access to 
directory entries in a computer environment, comprising: 

a system administrator defined read access control command that lists [the] 
Lightweight Directory Access Protocol (LDAP) user attributes that said administrator 
has selected for user defined read access; 

a system administrator defined write access control command that lists LDAP 
user attributes that said administrator has selected for user defined write access; 

a plurality of user defined access control command attribute read lists 
containing user identifications that are allowed to read said LDAP user attributes that 
said administrator has selected for user defined read access; and 

a plurality of user defined access control command attribute write lists 
containing user identifications that are allowed to write said LDAP user attributes that 
said administrator has selected for user defined write access; 

wherein said read access control command and said write access control 
command reside in a directory containing said LDAP attributes; 

wherein when a client read access to one of the LDAP user attributes that said 
administrator has selected for user defined read access occurs, said read access 
control command and the read list of the owner of the attribute being accessed are 
used to determine if said client has permission to execute said read access; and 

wherein when a client write access to one of the LDAP user attributes that said 
administrator has selected for user defined write access occurs, said write access 
control command and the write list of the owner of the attribute being accessed are 
used to determine if said client has permission to execute said write access. 

15. An apparatus for a simplified access control language that controls access to 
directory entries in a computer environment, comprising: 

a user defined access control command attribute write list containing user 
identifications that are allowed to write a specified set of Lightweight Directory Access 
Protocol (LDAP) attributes; and 

a system administrator defined write access control command; 
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wherein said write access control command resides in a directory containing 
said LDAP attributes; 

wherein said write access control command lists LDAP user attributes that said 
administrator has selected for user defined write access; and 

wherein said write access control command refers to said user defined write list 
at runtime thereby allowing said write user identifications write access to said LDAP 
user attributes. 

19. A program storage medium readable by a computer, tangibly embodying a 
program of instructions executable by the computer to perform method steps for a 
simplified access control language that controls access to directory entries in a 
computer environment, comprising the steps of: 

providing a user defined access control command attribute read list containing 
user identifications that are allowed to read a specified set of Lightweight Directory 
Access Protocol (LDAP) attributes; 

providing a system administrator defined read access control command; 

wherein said read access control command resides in a directory containing 
said LDAP attributes; 

said read access control command listing LDAP user attributes that said 
administrator has selected for user defined read access; and 

said read access control command referring to said user defined read list at 
runtime thereby allowing said read user identifications read access to said LDAP user 
attributes. 

23. A program storage medium readable by a computer, tangibly embodying a 
program of instructions executable by the computer to perform method steps for a 
simplified access control language that controls access to directory entries in a 
computer environment, comprising the steps of: 

providing a system administrator defined read access control command that 
lists Lightweight Directory Access Protocol (LDAP) user attributes that said 
administrator has selected for user defined read access; 
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providing a system administrator defined write access control command that 
lists LDAP user attributes that said administrator has selected for user defined write 
access; 

providing a plurality of user defined access control command attribute read lists 
containing user identifications that are allowed to read said LDAP user attributes that 
said administrator has selected for user defined read access; 

providing a plurality of user defined access control command attribute write lists 
containing user identifications that are allowed to write said LDAP user attributes that 
said administrator has selected for user defined write access; 

wherein said read access control command and said write access control 
command reside in a directory containing said LDAP attributes; 

wherein when a client read access to one of the LDAP user attributes that said 
administrator has selected for user defined read access occurs, said read access 

control command and the read list of the owner of the attribute being accessed 
are used to determine if said client has permission to execute said read access; and 

wherein when a client write access to one of the LDAP user attributes that said 
administrator has selected for user defined write access occurs, said write access 
control command and the write list of the owner of the attribute being accessed are 
used to determine if said client has permission to execute said write access. 

24. A program storage medium readable by a computer, tangibly embodying a 
program of instructions executable by the computer to perform method steps for a 
simplified access control language that controls access to directory entries in a 
computer environment, comprising the steps of: 

providing a user defined access control command attribute write list containing 
user identifications that are allowed to write a specified set of Lightweight Directory 
Access Protocol (LDAP) attributes; 

providing a system administrator defined write access control command; 

wherein said write access control command resides in a directory containing 
said LDAP attributes; 

said write access control command listing LDAP user attributes that said 
administrator has selected for user defined write access; and 
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said write access control command referring to said user defined write list at 
runtime thereby allowing said write user identifications write access to said LDAP user 
attributes. 
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